Consumers segfaults if processing data too fast #14
Comments
|
Pipe maintains a circular buffer, where * buffer end begin bufend
* [============> >=====================]In the pop function, there is a potential underflow if the number of bytes between begin and bufend < elem_size. In other words, there is no data between begin/bufend, only the sentinel. // Copy either as many bytes as requested, or the available bytes in the RHS
// of a wrapped buffer - whichever is smaller.
{
size_t first_bytes_to_copy = min(bytes_to_copy, (size_t)(s.bufend - s.begin - elem_size));
target = offset_memcpy(target, s.begin + elem_size, first_bytes_to_copy);When this happens, this leads to large number, so that |
|
The fix is simply making sure --- a/pipe.c
+++ b/pipe.c
@@ -960,11 +960,14 @@ static inline snapshot_t pop_without_locking(snapshot_t s,
assertume(s.begin != s.bufend);
size_t elem_size = s.elem_size;
+ // from begin to bufend could just be the sentinel (or part of one)
+ size_t remaining = s.bufend - s.begin;
// Copy either as many bytes as requested, or the available bytes in the RHS
// of a wrapped buffer - whichever is smaller.
+ if(likely(remaining > elem_size))
{
- size_t first_bytes_to_copy = min(bytes_to_copy, (size_t)(s.bufend - s.begin - elem_size));
+ size_t first_bytes_to_copy = min(bytes_to_copy, (size_t)(remaining - elem_size));
target = offset_memcpy(target, s.begin + elem_size, first_bytes_to_copy);
|
|
See also commits in https://github.com/git-blame/pipe |
|
If you send a PR, I'm happy to merge. |
|
Hi, Is this issue fixed ? |
It seems if producers/consumers are writing/reading (i.e., changing content of buffer) very quickly, we get a situation where the pipe (data) is "clobbered" somehow resulting in crash.
This doesn't seem to occur in the regular code because of #6, the pipe buffer continually grows. However, if you apply the patch from the issue, you may run into this problem.
The text was updated successfully, but these errors were encountered: